OCPBUGS-16088

Secret generated by CCO on STS Manual Mode cluster does not have default section


      Description of problem:

      The secret generated by CCO in STS mode is different from the one created by ccoctl on the command line.

      ccoctl generates:

      [default]
      sts_regional_endpoints = regional
      role_arn = arn:aws:iam::269733383066:role/jsafrane-1-5h8rm-openshift-cluster-csi-drivers-aws-efs-cloud-cre
      web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token
      

      CCO generates:

      sts_regional_endpoints = regional
      role_arn = arn:aws:iam::269733383066:role/jsafrane-1-5h8rm-openshift-cluster-csi-drivers-aws-efs-cloud-cre
      web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token 

      IMO these two should be the same. AWS EFS CSI driver does not work without "[default]" at the beginning.

      Version-Release number of selected component (if applicable):

      4.14.0-0.nightly-2023-07-11-092038

      How reproducible:

      Always

      Steps to Reproduce:

      1. Create a Manual mode, STS cluster in AWS.
      2. Create a CredentialsRequest which provides .spec.cloudTokenPath and .spec.providerSpec.stsIAMRoleARN.
      3. Observe that secret is created by CCO in the target namespace specified by the CredentialsRequest. 

      Actual results:

      The secret does not have [default] in the `data` content.

      Expected results:

       

       

              btofelrh Brett Tofel
              rhn-engineering-jsafrane Jan Safranek
              Feilian Xie Feilian Xie
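As an added example (not part of the original report, and not CCO or ccoctl code), the check below flags a credentials payload that lacks the `[default]` header described in the report. It uses Python's `configparser` as a stand-in for the SDK's config parser; the function names, the Secret data key `credentials` and the placeholder role ARN are assumptions.

```python
import base64
import configparser
import json

REQUIRED_KEYS = ("role_arn", "web_identity_token_file")  # keys shown in the report


def check_sts_credentials(text, profile="default"):
    """Return a list of problems in an AWS shared-config style payload.

    An empty list means a [profile] section exists and carries the keys
    needed for web-identity (STS) role assumption.
    """
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.MissingSectionHeaderError:
        # Key/value lines come before any [section] line: the CCO output above.
        return [f"no section header before first key; expected [{profile}]"]
    except configparser.Error as exc:
        return [f"unparseable: {exc.__class__.__name__}"]
    if not parser.has_section(profile):
        return [f"missing [{profile}] section"]
    return [f"[{profile}] lacks {key}" for key in REQUIRED_KEYS
            if not parser.get(profile, key, fallback="").strip()]


def check_secret(secret_json, key="credentials"):
    """Check one Secret manifest in JSON form (e.g. from `oc get secret -o json`).

    The data key name is an assumption; pass the key your operand reads.
    """
    data = json.loads(secret_json).get("data") or {}
    if key not in data:
        return [f"secret has no data key {key!r}"]
    return check_sts_credentials(base64.b64decode(data[key]).decode("utf-8"))


# Constructed samples: placeholder role ARN, token path as in the report.
_BODY = (
    "sts_regional_endpoints = regional\n"
    "role_arn = arn:aws:iam::123456789012:role/example-role\n"
    "web_identity_token_file = /var/run/secrets/openshift/serviceaccount/token\n"
)
WITH_HEADER = "[default]\n" + _BODY   # shape ccoctl generates
WITHOUT_HEADER = _BODY                # shape CCO generates per the report

if __name__ == "__main__":
    for name, text in (("ccoctl-style", WITH_HEADER), ("CCO-style", WITHOUT_HEADER)):
        print(name, check_sts_credentials(text) or "ok")
```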